Platform
kubernetes
Component
cluster-kube-apiserver-operator
Fixed version
4.1.4
CVE-2019-10165 affects OpenShift Container Platform versions prior to 4.1.3. This vulnerability allows attackers with sufficient privileges to recover OAuth tokens from audit logs. These recovered tokens can then be used to access other resources within the OpenShift environment. A fix is available in version 4.1.3.
The primary impact of CVE-2019-10165 is unauthorized access to resources within the OpenShift Container Platform. An attacker who can access the audit logs—which may be accessible to administrators or through compromised accounts—can extract OAuth tokens. These tokens grant access to various Kubernetes and OpenShift API resources, potentially allowing the attacker to escalate privileges, read sensitive data, or even modify configurations. The blast radius is limited to the resources accessible through the compromised OAuth token, but the potential for damage is significant if the token grants broad permissions. This vulnerability shares similarities with other token leakage issues where improperly secured tokens can be exploited for unauthorized access.
CVE-2019-10165 was publicly disclosed on July 30, 2019. There is no indication of active exploitation campaigns targeting this vulnerability. It is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, suggesting a relatively low probability of exploitation in the wild, though the potential for internal exploitation remains a concern.
Organizations using OpenShift Container Platform versions 4.1.0, 4.1.1, and 4.1.2 are at risk. Environments with lax access controls to audit logs are particularly vulnerable, as are those where administrators routinely access and review audit logs without proper security precautions.
• linux / server:
journalctl -u auditd | grep -i 'oauth token'
• kubernetes / server: Inspect Kubernetes audit logs for plaintext OAuth tokens. Review RBAC configurations to ensure least-privilege access.
• generic web: Review access logs for unusual access patterns to the audit log endpoint.
Disclosure
Exploitation status
EPSS
0.06% (19th percentile)
CVSS vector
The primary mitigation for CVE-2019-10165 is to upgrade OpenShift Container Platform to version 4.1.3 or later, which includes the fix. If upgrading immediately is not possible, consider restricting access to the audit logs to only authorized personnel. Implement robust access controls and monitoring to detect any suspicious activity related to the audit logs. While not a direct fix, enabling audit log encryption can help protect the confidentiality of the tokens, although it does not prevent them from being logged in the first place. After upgrading, confirm the fix by verifying that OAuth tokens are no longer written in plaintext to the audit logs.
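As an added check for the detection guidance above and for the post-upgrade verification step (example code written for this page, not Red Hat's or the operator's own tooling), the script below scans kube-apiserver audit records in the standard audit.k8s.io/v1 JSON-lines format for long, high-entropy values in the requestURI and, for OpenShift OAuth token resources, in the object name. It assumes a leaked token would surface in those two fields; the sample records and the token value are constructed, and matches are reported redacted so the scan itself never re-exposes a credential.

```python
import json
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{32,}")  # long URL-safe runs, e.g. inside a requestURI
OAUTH_RESOURCES = {"oauthaccesstokens", "oauthauthorizetokens"}  # assumption: object name may be the raw token

def looks_like_token(s):
    """Long, high-entropy URL-safe string: random tokens score well above readable names."""
    counts, n = Counter(s), len(s)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0
    return n >= 32 and entropy > 4.0

def scan_event(event):
    """Findings for one audit.k8s.io/v1 Event dict; the token value is redacted."""
    ref = event.get("objectRef") or {}
    candidates = []
    if ref.get("resource") in OAUTH_RESOURCES and ref.get("name"):
        candidates.append(("objectRef.name", ref["name"]))
    candidates += [("requestURI", m) for m in TOKEN_RE.findall(event.get("requestURI", ""))]
    seen, findings = set(), []
    for field, value in candidates:
        if value in seen or not looks_like_token(value):
            continue
        seen.add(value)  # the same token in both name and URI is reported once
        findings.append({"auditID": event.get("auditID"), "field": field,
                         "token": f"{value[:6]}...({len(value)} chars)"})  # never echo a live credential
    return findings

def scan_audit_log(lines):
    """Scan JSON-lines audit output; malformed lines are skipped rather than fatal."""
    findings = []
    for line in lines:
        try:
            findings.extend(scan_event(json.loads(line)))
        except (json.JSONDecodeError, AttributeError):
            continue
    return findings

# Constructed sample records (not real cluster data); TOKEN is a made-up value.
TOKEN = "k3Fz9QpLm2Xw8RtYv5Hs7NbJc4GdAe6UiOo1ZxTq0"
SAMPLE_LOG = [
    json.dumps({"auditID": "a1", "verb": "delete", "user": {"username": "alice"},
                "requestURI": "/apis/oauth.openshift.io/v1/oauthaccesstokens/" + TOKEN,
                "objectRef": {"resource": "oauthaccesstokens", "name": TOKEN}}),
    json.dumps({"auditID": "a2", "verb": "get", "user": {"username": "bob"},
                "requestURI": "/api/v1/namespaces/default/pods/my-app-7d9f8b6c5-x2k4q",
                "objectRef": {"resource": "pods", "name": "my-app-7d9f8b6c5-x2k4q"}}),
    "not json",  # a malformed line must not abort the scan
]
```

Run it over the audit log of each control-plane node before and after the upgrade: an empty result after upgrading to 4.1.3 or later is the confirmation the mitigation paragraph asks for, while any finding names the audit record to review.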
Upgrade OpenShift Container Platform to version 4.1.3 or later. This fixes the vulnerability that writes OAuth tokens in plaintext to the audit logs.
CVE-2019-10165 is a vulnerability affecting OpenShift Container Platform versions before 4.1.3 where OAuth tokens are written in plaintext to audit logs, potentially allowing attackers to access resources.
You are affected if you are running OpenShift Container Platform versions 4.1.0, 4.1.1, or 4.1.2. Upgrade to 4.1.3 or later to resolve the issue.
Upgrade OpenShift Container Platform to version 4.1.3 or later. Restrict access to audit logs as an interim measure.
There is no current evidence of active exploitation campaigns targeting CVE-2019-10165, but the potential for internal exploitation remains.
Refer to the Red Hat security advisory for CVE-2019-10165: https://access.redhat.com/security/cve/CVE-2019-10165